HTTP/HTTPS 1.1 Web Server and Client

The HTTP/HTTPS 1.1
Web Server and Client feature provides a consistent interface for users and
applications by implementing support for HTTP/HTTPS 1.1 in Cisco IOS XE
software-based devices.

This module describes
the concepts and the tasks related to configuring the HTTP/HTTPS 1.1 Web Server
and Client feature.

Finding Feature Information

Your software release
may not support all the features documented in this module. For the latest
caveats and feature information, see
Bug Search Tool and the
release notes for your platform and software release. To find information about
the features documented in this module, and to see a list of the releases in
which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and
Cisco software image support. To access Cisco Feature Navigator, go to
www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About the HTTP 1.1 Web Server and Client

This feature updates the Cisco implementation of the Hypertext Transfer Protocol (HTTP) from 1.0 to 1.1. The HTTP server allows features and applications, such as the Cisco web browser user interface, to be run on your routing device.

The Cisco implementation of HTTP 1.1 is backward-compatible with previous Cisco IOS XE releases. If you are currently using configurations that enable the HTTP server, no configuration changes are needed, as all defaults remain the same.

The process of enabling and configuring the HTTP server also remains the same as in previous releases. Support for Server Side Includes (SSIs) and HTML forms has not changed. Additional configuration options, in the form of the ip http timeout-policy command and the ip http max-connections command, have been added. These options allow configurable resource limits for the HTTP server. If you do not use these optional commands, the default policies are used.

Remote applications may require that you enable the HTTP server before using them. Applications that use the HTTP server include:

IP Phone and Cisco IOS XE Telephony Service applications, which use the ITS Local Directory Search and IOS Telephony Server (ITS)

About HTTP/HTTPS Server General Access Policies

The ip http timeout-policy command allows you to specify general access
characteristics for the server by configuring a value for idle time,
connection life, and request maximum. By adjusting these values you can
configure a general policy; for example, if you want to maximize throughput for
HTTP/HTTPS connections, you should configure a policy that minimizes connection
overhead. You can configure this type of policy by specifying large values for
the life and requests options so that each connection stays open longer and
more requests are processed for each connection.

Another example would be to configure a policy that minimizes the response time
for new connections. You can configure this type of policy by specifying small
values for the life and requests options so that the connections are quickly
released to serve new clients.

A throughput policy
would be better for HTTP/HTTPS sessions with dedicated management applications,
as it would allow the application to send more requests before the connection
is closed, while a response time policy would be better for interactive
HTTP/HTTPS sessions, as it would allow more people to connect to the server at
the same time without having to wait for connections to become available.

In general, you
should configure these options as appropriate for your environment. The value
for the
idle option
should be balanced so that it is large enough not to cause an unwanted request
or response timeout on the connection, but small enough that it does not hold a
connection open longer than necessary.

Access security policies for the HTTP/HTTPS server are configured using the
ip http authentication command, which allows only selected users to access the
server, the ip http access-class command, which allows only selected IP hosts
to access the server, and the ip http accounting commands command, which
specifies a particular command accounting method for HTTP/HTTPS server users.

How to Configure HTTP 1.1 Web Server and Client

Configuring the HTTP/HTTPS 1.1 Web Server

Perform this task
to enable the HTTP/HTTPS server and configure optional server characteristics.
The HTTP/HTTPS server is disabled by default.

Note

If you want to
configure authentication (step 4), you must configure the authentication type
before you begin configuring the HTTP/HTTPS 1.1 web server.

To enable the HTTP over Secure Socket Layer (HTTPS) server, use the
ip http secure-server command. Before enabling HTTPS, you must disable the
standard HTTP server using the no ip http server command. This command is
required to ensure only secure connections to the server.

Step 4

ip http authentication {aaa | enable | local}

Example:

Device(config)# ip http authentication local

(Optional)
Specifies the authentication method to be used for login when a client connects
to the HTTP/HTTPS server. The methods for authentication are:

aaa--Indicates that the authentication method used for the AAA login service
(specified by the aaa authentication login default command) should be used for
authentication.

enable--Indicates that the “enable” password should be used
for authentication. (This is the default method.)

local--Indicates that the login user name, password and privilege level access
combination specified in the local system configuration (by the username global
configuration command) should be used for authentication and authorization.

Command
accounting for HTTP/HTTPS is automatically enabled when authentication,
authorization, and accounting (AAA) is configured on the device. It is not
possible to disable accounting. HTTP/HTTPS will default to using the global AAA
default method list for accounting. The CLI can be used to configure HTTP/HTTPS
to use any predefined AAA method list.

named-accounting-method-list--Indicates the name of the predefined command
accounting method list.

Step 6

ip http port port-number

Example:

Device(config)# ip http port 8080

(Optional)
Specifies the server port that should be used for HTTP/HTTPS communication (for
example, for the Cisco web browser user interface).

Step 7

ip http path url

Example:

Device(config)# ip http path slot1:

(Optional)
Sets the base HTTP path for HTML files. The base path is used to specify the
location of the HTTP/HTTPS server files (HTML files) on the local system.
Generally, the HTML files are located in system flash memory.

Step 8

ip http access-class access-list-number

Example:

Device(config)# ip http access-class 20

(Optional)
Specifies the access list that should be used to allow access to the HTTP/HTTPS
server.

Step 9

ip http max-connections value

Example:

Device(config)# ip http max-connections 10

(Optional)
Sets the maximum number of concurrent connections allowed to the HTTP/HTTPS
server. The default value is 5.

Step 10

ip http timeout-policy idle seconds life seconds requests value

Example:

Device(config)# ip http timeout-policy idle 30 life 120 requests 100

(Optional)
Sets the characteristics that determine how long a connection to the HTTP/HTTPS
server should remain open. The characteristics are:

idle--The maximum number of seconds the connection will be
kept open if no data is received or response data cannot be sent out on the
connection. Note that a new value may not take effect on any already existing
connections. If the server is too busy or the limit on the
life time or
the number of
requests is
reached, the connection may be closed sooner. The default value is 180 seconds
(3 minutes).

life--The maximum number of seconds the connection will be
kept open, from the time the connection is established. Note that the new value
may not take effect on any already existing connections. If the server is too
busy or the limit on the idle time or the number of requests is reached, it may
close the connection sooner. Also, since the server will not close the
connection while actively processing a request, the connection may remain open
longer than the specified
life time if
processing is occurring when the life maximum is reached. In this case, the
connection will be closed when processing finishes. The default value is 180
seconds (3 minutes). The maximum value is 86400 seconds (24 hours).

requests--The maximum limit on the number of requests processed
on a persistent connection before it is closed. Note that the new value may not
take effect on already existing connections. If the server is too busy or the
limit on the idle time or the life time is reached, the connection may be
closed before the maximum number of requests are processed. The default value
is 1. The maximum value is 86400.
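
The server options above can be checked against a saved configuration. The following script is an added example, not Cisco code: it flags a cleartext HTTP server, reliance on the default "enable" authentication method, and a missing access class, and it reports the effective timeout policy using the defaults and maximums stated in this module. The function name audit_http_server and both sample configurations are constructed for illustration.

```python
import re

# Defaults and maximums stated in this module for "ip http timeout-policy".
DEFAULTS = {"idle": 180, "life": 180, "requests": 1}
MAXIMUM = {"life": 86400, "requests": 86400}
POLICY_RE = re.compile(r"ip http timeout-policy idle (\d+) life (\d+) requests (\d+)$")

def audit_http_server(config_text):
    """Return (findings, effective_policy) for the 'ip http' lines of a config."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings, policy = [], dict(DEFAULTS)
    http_on = "ip http server" in lines        # exact match; "no ip http server" differs
    https_on = "ip http secure-server" in lines
    if not (http_on or https_on):
        return findings, policy                # the server is disabled by default
    if http_on:
        findings.append("http-enabled: use 'no ip http server' so only HTTPS is served")
    auth = "enable"                            # default method when none is configured
    for ln in lines:
        if ln.startswith("ip http authentication "):
            auth = ln.split()[3]
        m = POLICY_RE.match(ln)
        if m:
            policy = dict(zip(("idle", "life", "requests"), map(int, m.groups())))
    if auth == "enable":
        findings.append("auth-enable: login relies on the enable password, username may be blank")
    if not any(ln.startswith("ip http access-class ") for ln in lines):
        findings.append("no-access-class: no access list limits which IP hosts may connect")
    for key, limit in MAXIMUM.items():
        if policy[key] > limit:
            findings.append(f"policy-range: {key} {policy[key]} exceeds maximum {limit}")
    return findings, policy

# Constructed sample configurations (not taken from a real device).
WEAK = """
ip http server
ip http port 8080
ip http max-connections 10
"""
HARDENED = """
no ip http server
ip http secure-server
ip http authentication local
ip http access-class 20
ip http timeout-policy idle 30 life 120 requests 100
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_http_server(cfg))
```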

Configuring the HTTP/HTTPS Client

Perform this task
to enable the HTTP/HTTPS client and configure optional client characteristics.

The standard HTTP
1.1 client and the secure HTTP client are always enabled. No commands exist to
disable the HTTP client. For information about configuring optional
characteristics for the HTTPS client, see the HTTPS--HTTP Server and Client
with SSL 3.0 feature module.

Configures the
default password used for connections to remote HTTP servers.

Step 6

ip http client proxy-server proxy-name proxy-port port-number

Example:

Device(config)# ip http client proxy-server server1 proxy-port 52

Configures an
HTTP proxy server.

Step 7

ip http client response timeout seconds

Example:

Device(config)# ip http client response timeout 60

Specifies the
timeout value, in seconds, that the HTTP client waits for a response from the
server.

Step 8

ip http client source-interface type number

Example:

Configures a
source interface for the HTTP client.

Step 9

ip http client username username

Example:

Device(config)# ip http client username user1

Configures
the default username used for connections to remote HTTP servers.

Verifying HTTP/HTTPS Connectivity

To verify remote
connectivity to the HTTP/HTTPS server, enter the system IP address in a web
browser, followed by a colon and the appropriate port number (80 is the default
port number).

For example, if the
system IP address is 209.165.202.129 and the port number is 8080, enter
http://209.165.202.129:8080 as the URL in a web browser.

If HTTP/HTTPS
authentication is configured, a login dialog box will appear. Enter the
appropriate username and password. If the default login authentication method
of “enable” is configured, you may leave the username field blank, and use the
“enable” password to log in.

The system home page
should appear in your browser.

Configuration Examples for HTTP 1.1 Web Server

Configuring the HTTP 1.1 Web Server Example

The following
example shows a typical configuration that enables the server and sets some of
the characteristics:

In the following
example, a Throughput timeout policy is applied. This configuration would allow
each connection to be idle a maximum of 30 seconds (approximately). Each
connection will remain open (be “alive”) until either the HTTP/HTTPS server has
been busy processing requests for approximately 2 minutes (120 seconds) or
until approximately 100 requests have been processed.

ip http timeout-policy idle 30 life 120 requests 100

In the following
example, a Response Time timeout policy is applied. This configuration would
allow each connection to be idle a maximum of 30 seconds (approximately). Each
connection will be closed as soon as the first request has been processed.

Feature Information for the HTTP 1.1 Web Server and Client

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Table 1 Feature Information for HTTP 1.1 Web Server and Client

Feature Name: HTTP 1.1 Web Server and Client

Releases: Cisco IOS XE Release 2.1

Feature Information: The HTTP 1.1 Web Server and Client feature provides a
consistent interface for users and applications by implementing support for
HTTP 1.1 in Cisco IOS XE software-based devices. When combined with the HTTPS
feature, the HTTP 1.1 Web Server and Client feature provides a complete, secure
solution for HTTP services between Cisco devices.

The HTTP TACACS+ Accounting Support feature introduces the
ip http accounting commands command. This command is used to specify
a particular command accounting method for HTTP server users. Command
accounting provides information about the commands for a specified privilege
level that are being executed on a device. Each command accounting record
corresponds to one IOS XE command executed at its respective privilege level,
as well as the date and time the command was executed, and the user who
executed it. The following sections provide information about this feature:

The following commands were introduced or modified by this feature:
ip http accounting commands.